| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEAjamuJjjyWFw9Fn4_6-97WDhpWTfvLNQdPHT-AZ843yese9g@mail.gmail.com>
Date: Fri, 26 Oct 2018 11:49:10 -0400
From: Kyungtae Kim <kt0755@...il.com>
To: bvanassche@....org
Cc: Jens Axboe <axboe@...nel.dk>, jikos@...nel.org,
Byoungyoung Lee <lifeasageek@...il.com>,
DaeRyong Jeong <threeearcat@...il.com>,
linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] floppy: Avoid memory access beyond the array bounds in setup_rw_floppy()
Thank you for your reply.
> Against which kernel tree did you prepare this patch? Just above the code
> you want to insert I found the following:
>
> if (ptr->cmd_count > 33) ...
Yes, I saw that code as well. But I find out there is no more
additional code relevant to it.
So I guess, that is for like reserved ones for the future work (e.g., RESTORE).
And such code cannot solve this crash issue because the crash happens
even when cmd_count is less than 33.
> or not? Anyway, I don't think it makes sense first to compare cmd_count against
> 33 and next to compare it against 16 ...
I agree. So far, seems that removing if (ptr->cmd_count > 33) looks better.
Please let me know if you have better ideas.
> This comparison looks suspicious to me. Almost every comparison of the type
> "... > ARRAY_SIZE()" I have seen so far was wrong and should be changed into
> "... >= ARRAY_SIZE()" instead.
Well, let me check this part again.
Thanks,
Kyungtae Kim
Powered by blists - more mailing lists